Stop Chasing Ghosts: Prioritize Real Risks in the AI Era
We are living in the Age of AI, where the way we build software has fundamentally changed. With the rise of AI-assisted coding tools like Cursor, GitHub Copilot and Claude Code, developers are generating code faster than ever before. Recent industry reports indicate that AI-generated code now accounts for nearly 46% of new code written, significantly accelerating development cycles [1].
However, rapid code generation has outpaced remediation. Teams are flying blind, with 68% of organizations leaving critical vulnerabilities unresolved for over 24 hours, often due to a lack of context (37%) [2]. When SREs cannot determine if a vulnerable library is running or reachable, every alert becomes a fire drill, leading to paralysis rather than action.
This context gap generates massive toil that drags down engineering velocity. With security teams spending up to 50% of their time on manual tasks, friction rolls downhill to SREs in the form of endless Jira tickets and emergency patches [2]. 59% report that these siloed practices create inefficiencies [2], meaning you get woken up for vulnerabilities that aren't even exploitable in your environment. To break this cycle, engineering must shift to real-time insights, focusing on the code actively exposing you to risk right now.
We're excited to announce that Secure Application in Splunk Observability Cloud is generally available now! Built to extend the industry-leading Splunk Observability Cloud into the realm of application security, it provides the runtime visibility you need to defend against these rapid threats and enhance compliance.
Security Built on Your Existing Observability Solution
Splunk Observability Cloud is already a leader in Application Performance Monitoring (APM), trusted by teams to unify application, infrastructure, and digital experience monitoring in one place. You rely on it to detect and investigate issues using all your metric, trace, and log data—with zero sampling and AI-assisted troubleshooting.
Secure Application builds directly on these core strengths. It collects additional security-specific events alongside your existing telemetry, enriching the massive stream of full-fidelity data you are already collecting. By analyzing the traces that tell you why an application is slow, we can now map open-source risk directly to your business impact, telling you if and where you are vulnerable. This convergence makes your observability platform stronger, turning operational data into security intelligence.
Transform Your Security Posture
Here is how unifying your existing observability with application security transforms your security posture:
1. Minimal Friction Security with Deep Application Context
Splunk Observability Cloud empowers you to control your data and costs using OpenTelemetry (OTel). Secure Application doubles down on this advantage by delivering runtime vulnerability detection mapped directly to your application context—all with minimal friction.
- Leverage Your Existing Footprint: Because Secure Application is delivered via the Splunk Distribution of OpenTelemetry, you don't need to deploy new, proprietary security agents. If you are monitoring your application with Splunk APM, you are ready to secure it.
- Context is King: Security findings are not isolated alerts. They are mapped directly to your existing traces, services, and environments. You can instantly see which service is loading a vulnerable library, whether it is running in production or staging, and if the vulnerable code path is reachable.
Image 1: Detect Runtime Vulnerability with Application and Risk Context using existing OpenTelemetry Agents
2. Simplified Library Discovery in a Complex World
With AI generating code and pulling in dependencies at record speed, maintaining an accurate Software Bill of Materials (SBOM) is a constant battle. Modern applications are often a "black box" of transitive dependencies—libraries that your libraries rely on.
- Deep Context: Secure Application uses the deep application context from Splunk Observability Cloud (environment, service) to show you exactly how third-party code is being used, ensuring you have a complete, real-time inventory of your runtime environment.
- Surfacing Shadow Dependencies: Secure Application uses runtime telemetry to illuminate the entire dependency tree. It goes beyond just the top-level packages you declared. It surfaces nested libraries and shadow dependencies that are actively loaded into memory, giving you visibility into risks deep within the stack that static scans often miss.
Image 2: Detect Runtime Open-Source Libraries with Application Context
3. Data-Driven Prioritization with Cisco Vulnerability Management
Engineering teams are often trapped in a cycle of "SLA fatigue." Static scanners frequently flag hundreds of vulnerabilities as "Critical" and "High" based solely on their Common Vulnerability Scoring System (CVSS) score. This creates an impossible math problem: if you have 500 critical alerts and an SLA of 24 hours to a week to patch them, your team spends all their time patching instead of building.
The solution: risk-based prioritization. To break this cycle, you need to shift from fixing everything to fixing what matters. This requires distinguishing between a vulnerability that could be exploited and one that is being exploited. Splunk Secure Application integrates Cisco Vulnerability Management (CVM) to provide this intelligence. CVM analyzes billions of signals—from active exploit kits to dark web chatter—to predict the real-world likelihood of an attack.
Consider two vulnerabilities, both flagged with a High CVSS score of 7.5 as shown below:
- Vulnerability CVE-2024-38819: CVM assigns a Cisco Security Risk Score of 67/100 as it is easily exploitable.
- Vulnerability CVE-2025-41249: CVM assigns a Cisco Security Risk Score of 51/100 because it is theoretical with no known exploits and not easily exploitable.
Instead of rushing to patch both within a 24-hour SLA, your team can prioritize Vulnerability CVE-2024-38819 immediately and safely schedule Vulnerability CVE-2025-41249 for a later sprint. This ensures you meet compliance for actual threats while reducing unnecessary fire drills.
Image 3: Prioritize Runtime Vulnerabilities based on Risk of Exploitation to enhance SLA Compliance
4. Mapping Risk to Business Impact
A vulnerability in a rarely used backend service is different from one in your business-critical application checkout flow. Because Secure Application is integrated into Splunk Observability Cloud, it understands your application's architecture, user journeys, and business context.
- Business Transaction Mapping: It maps vulnerabilities directly to specific business transactions and workflows. You can instantly see if a critical vulnerability is impacting a high-value service (like "Payment Processing") versus a low-priority internal tool.
- Impact-Based Triage: This allows SREs and developers to prioritize fixes based on potential business loss, ensuring that the most critical revenue-generating paths are secured first.
Image 4: Prioritize Runtime Vulnerabilities based on Business Context
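The triage logic described in sections 3 and 4, as an added example that is not Splunk or Cisco code: it assigns SLA buckets from runtime context, an exploitation-likelihood score, and business criticality instead of CVSS alone. The field names, the threshold of 60, the bucket names, and every service other than payment processing are assumptions made for illustration.

```python
from dataclasses import dataclass

# Field names, the threshold of 60 and the SLA buckets are assumptions for
# this illustration, not the data model of Secure Application or CVM.
URGENT_RISK = 60
BUCKETS = ["24h", "7d", "next-sprint", "backlog"]  # most to least urgent

@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float              # static severity, 0-10
    risk_score: int          # exploitation-likelihood score, 0-100
    service: str
    environment: str         # "production" or "staging"
    loaded: bool             # library observed loaded at runtime
    reachable: bool          # vulnerable code path reachable
    business_critical: bool  # service backs a high-value transaction

def triage(f: Finding) -> str:
    """Map one finding to an SLA bucket using runtime and business context."""
    if not f.loaded:
        return "backlog"         # declared dependency that is never loaded at runtime
    if not f.reachable or f.environment != "production":
        return "next-sprint"
    if f.risk_score < URGENT_RISK:
        return "next-sprint"     # same CVSS, lower likelihood of exploitation
    return "24h" if f.business_critical else "7d"

def prioritize(findings):
    """Order findings by bucket urgency, then by risk score (highest first)."""
    return sorted(findings,
                  key=lambda f: (BUCKETS.index(triage(f)), -f.risk_score, f.service))

# Constructed sample data: the CVE ids and scores are the two from the text;
# services, environments and runtime flags are made up.
SAMPLE = [
    Finding("CVE-2025-41249", 7.5, 51, "payment-processing", "production", True, True, True),
    Finding("CVE-2024-38819", 7.5, 67, "internal-report-tool", "production", True, True, False),
    Finding("CVE-2024-38819", 7.5, 67, "payment-processing", "production", True, True, True),
    Finding("CVE-2024-38819", 7.5, 67, "batch-export", "staging", False, False, False),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{triage(f):12} {f.cve} risk={f.risk_score} cvss={f.cvss} {f.service}")
```

All four findings carry the same CVSS of 7.5, yet they land in four different buckets once runtime and business context are applied.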
5. Extending Insights to Splunk Cloud and Enterprise
Runtime insights shouldn't stay siloed in the observability platform. Secure Application allows you to leverage the investments your organization already has in Splunk Cloud or Splunk Enterprise.
- Shared Visibility: You can easily set up vulnerability notifications—filtered by specific environments (e.g., Production vs. Staging) or services—to be sent directly to the Splunk platform.
- Unifying Teams: This ensures that security teams get visibility into the same runtime insights that SREs are seeing, creating a shared source of truth and enabling faster cross-team collaboration without requiring new tools.
Summary: Engineering Confidence in the Age of AI
In the age of AI, engineering teams face a dual mandate: accelerate business outcomes and maintain rock-solid reliability. Splunk Secure Application bridges the gap between dev speed and production safety. By leveraging the minimal friction of OpenTelemetry, deep inventory visibility, Cisco’s predictive risk scoring, business impact mapping, and seamless integration with the Splunk platform, you can stop chasing ghosts. It’s time to move beyond noise, prioritizing the threats that truly matter to keep your runtime secure and your innovation engine moving fast.
Join Us at Cisco Live Amsterdam!
We are showcasing the future of application security live. To see a deep dive into how Splunk and Cisco are revolutionizing runtime protection, join our breakout session:
- Where: Cisco Live Amsterdam (or watch on-demand)
- Action: Add to your schedule or bookmark the recording today!
Ready to Secure Your Runtime?
Empower your teams to fix faster and ship safer.
- Contact Sales: Reach out to your Splunk or Cisco account representative to learn how to activate Secure Application on your existing OTel agents or start a trial of Splunk Observability Cloud with Secure Application.
References
- [1] GitHub (2023). "GitHub Copilot now has a better AI model and new capabilities."
- [2] BusinessWire (2025). "Report Finds 68% of Organizations Fail to Remediate Critical Vulnerabilities on Time."